BUSINESS AND SECURITY

(Opening courtesies)
It has become a commonplace of security analysis that today's challenges arise, and need to be combated, less and less in the classical "Westphalian" space of state-to-state relations, and more and more at sub-state level and at the level of transnational or truly global interactions. We have to defend ourselves (and our values) both within our own territories, and on other people's territories–in the latter case preferably through agreed forms of cooperation or through legitimate peace operations. A point which should obviously flow from this, but which is not so much studied or debated, is that states also need to find new kinds of allies and partners in this process: within their own societies, and in the transnational society created by globalization. Most people are already aware of the importance of NGOs and other civil society partners in this connection, and of the power of the media for good or ill, and many are now discussing the role of scientists, e.g., in controlling "dangerous knowledge" at source. But much less research attention and policy making effort has been devoted to one very large, powerful and universal set of actors, namely the private sector business community. Several people and organizations represented in this room have been working hard to fill this gap, and in speaking for SIPRI as a relative newcomer to the topic I want first of all to honour and help better to advertise their contributions. The aim of the new book from SIPRI and OUP which we are launching here today is just the same: plus an attempt to bring together the different dimensions of business/security interaction – covering old, new, and even newer types of threats and challenges – and to promote a more serious and comprehensive debate than before on what are the right policy approaches and mechanisms to handle new-age public–private sector partnerships in the security field.

Let me start with a broad assertion: the connection between private sector business on the one hand and national, international and human security on the other is closer and more complicated today than at any time we can recall in history. Traditional societies used to draw a hard line between the warriors and the merchant caste. For many centuries weapons technology was distinct from other technologies and if there was spin-off it was only in the direction from military to civilian use. In the cold war, the only circumstances in which businesses could expect to find their assets mobilized for security purposes was in actual wartime, which for Europe actually never came. But for 15 years now since the end of the cold war the security focus has been moving towards international crisis management operations, where our troops take part while our own societies and economies continue on a peacetime basis: and in the 3 years since 9/11/01 we have been giving new attention to transnational threats like terrorism and weapons of mass destruction, which can hit any society but also draw nourishment out of any society and economy that is not on its guard against them, even at the highest level of development and peace. In these conditions the private sector plays a combination of roles which between them cover almost all dimensions of new-style security:

• the traditional role of a supplier of equipment to the defence forces, but now increasingly also a supplier of support services both in peace and wartime, including some literally front-line services ("private military companies", etc.);
• the role of a victim of terrorist attacks (NB how business suffered in the Twin Towers!), and of the secondary economic losses and growing burden of security costs arising from those attacks, together with the risks from conflicts and other more traditional forms of violence;
• a complex role in the management of new transnational threats, where it can be either part of the problem or part of the solution depending on whether it contributes to, or helps to stop, the leakage of dangerous technologies and the flow of resources to support terrorism and crime;
• the actual controller and provider of security in the fields of energy supply, delivery of other vital resources and utilities, and vital infrastructures including the management and integrity of cyberspace.

Our book covers all these topics and more. In the traditional SIPRI style of balance and global coverage, it tries particularly hard to acknowledge that the exact scope of the business and security agenda can differ, and the positive/negative balance can tilt, depending on where you stand in the world and on the ladder of economic development. From some viewpoints especially in the developing world, business looks less like a victim of conflict and more like part of the dynamics that keep certain conflicts going. From some geographical and philosophical viewpoints, the whole globalization process and the role that business plays in it are a security threat in themselves, not necessarily inferior to the threat from terrorism or WMD. One does not have to share these views in order to see that good global policies for developing the private sector's good security roles will need to take account of them, and of the varying objective and psychological climates for implementation, in order to arrive at really good global solutions.

The topic is thus almost frighteningly complex and in the time I have left to speak here, I obviously can't do justice to all its aspects. In particular I will say no more about business and conflict since we have two excellent speakers to follow here on that subject. I will leave aside infrastructure security partly because other excellent conferences have been held on it recently by institutions like GCSP and the NATO Science Programme. I would, however, like to touch on two other areas of public/private sector interaction which I find personally fascinating and on which I think our book at least offers useful food for thought. They also happen also to be relevant to the work of important international organs here in Geneva.

First is the impact of the new anti-terrorism agenda on business, in all its ramifications. Apart from the direct personnel losses from 9/11 and other terrorist attacks, we know that the private sector was also hard hit by secondary economic losses from the knock-on effects especially in the insurance, aviation and tourist industries. But beyond this, business all around the world has been hit by costs and inconvenience flowing from the measures that the US and other governments took to react to the attacks and protect against further ones:

• tighter visa and immigration procedures, longer travel times because of security checks
• the container security initiative (C-TPAT)
• new international and national regulations to stop the flow of terrorist financing, including many new obligations that have been passed on to the bank and company level
• tighter export controls both on objects and technologies that may have double or multiple uses relevant to WMD and other possible terrorist weapons (of which more later).

As always, the costs of such measures including necessary procedural and organizational adjustments are particularly and disproportionately burdensome for smaller companies and smaller countries. On top of all this, there are large and still incalculable effects for the business world from the huge overspends that the USA has run into in its domestic budget and overseas trade balance, mainly because of extra spending on military operations and homeland security measures. A limited number of companies have of course benefited from the new contracts involved, but – as the IMF pointed out just recently – this style of fiscal management involves a huge gamble with the economic stability and recovery both of the US itself and of the whole developed world economy. Insofar as an America in deficit is also an America that finds it harder to be open and generous on trade conditions, there is a link to the whole future of the Doha round in which the interests of developing countries are critically at stake.

Of course business has both a duty and an interest to help the state and inter-state community manage the threat from terrorism and other transnational crimes: but it seems to me it has a right to ask whether the job is being done in the right way and with fair and proportionate costs. Well-meant but misguided measures could risk both stifling legitimate business by overburdening it, and damaging the already rather battered framework of fair international competition. Most businessmen I have met during our project and elsewhere do not actually see terrorism as the one overriding threat to their business or as one worth sacrificing other important interests for – and we should recall that in their own way they are highly expert at risk calculation and management. Large numbers of companies in the US itself have complained about visa restrictions making it harder for them to do business with other regions, about container security regularly delaying shipments by a day or more, about misdirection and waste of resources in the homeland security programme and about money being diverted from programmes that support them and their communities more directly. As against this, some have argued that tighter security was overdue in many of these fields and is essentially an efficiency measure that will help stop other abuses too, like crime and corruption. But everybody would have to agree that the measures have essentially been imposed on business, including business here in Europe, without consultation (or any real effort to exploit business's own considerable expertise): and that even our European governments have been given little choice but to follow US government dictates. Shouldn't the people who are being defended, and actually paying for the defence directly or directly, have some say in how their defence is designed? The question is one I'll come back to right at the end.

My second topic is a linked one, i.e. the role and responsibilities of business concerning the transfer and possible proliferation of strategically significant high technologies. The traditional definition of "dual-use" technologies is arguably becoming too simple and narrow here. It used to make us think about and tailor our measures to such sectors as aerospace and other transport technologies, electronic communications and computer applications, and nuclear power technology. All those remain highly sensitive areas: but the so-called revolution in military affairs is now placing increasing focus on laser technology, sensor and networking technologies, everything connected to missiles which have become the focus of concern about WMD delivery, and everything to do with space vehicles and satellites. Perhaps the fields where it is hardest of all to draw lines between peaceful technologies and security challenges are those of chemical production and biotechnology. A wide range of commonly produced chemicals could quite easily be converted into chemical weapons or used directly in ways that would damage individuals and societies. Any bio-agent, natural or man-made, that affects human and animal health or the growth of crops could become a weapon and in a nasty twist, any remedy guaranteed to protect ourselves against such effects could make it easier for ourselves to use the weapon against others. These are well documented problems, but if time allowed we could go into more exotic and futuristic fields of concern: about the misapplication of technologies ranging from nanotechnology to genetic modification to manipulation of the environment e.g. by cloud control, or the whole group of technologies connected with so-called non-lethal weapons.

So the security implications of high technology development have broadened in functional terms, but they have also widened because more countries both in the Western and developing worlds have gained access to these technologies and become secondary sources of potential proliferation; and because we increasingly have to worry today about misuse of technology not just by states but by terrorists and criminals (i.e. because of technical enhancement of the means of global information exchange). Traditionally, the security policy to deal with all these risks has consisted of export control regimes run by coalitions of mainly high-technology nations, which try to stop the export both of dangerous objects, components and fuels and of the "dangerous knowledge" required for others to produce them. The use of WMD technologies is also controlled through the nuclear non-proliferation treaty, the nuclear safeguards system run by the IAEA, and the global conventions outlawing chemical and biological weapons. But these haven't stopped the development of what Mohamed ElBaradei has famously called a "Wal-Mart" in destructive technologies, or the growth of new proliferation problems in countries ranging from Libya to North Korea. The majority of responsible nations, including our own European Union, now want to tighten up and modernize the system, but how can it be done?

• Problems of information, of enforcement, and correct communication/collaboration with the private sector, even within Western countries
• Problems of updating/adapting to new technological possibilities, on which only the private sector can give "early warning"
• Need for scientists/researchers themselves to control "dangerous knowledge", and practical [e.g. multinational research teams, outsourcing] and ethical problems over this
• Need to engage secondary/tertiary producers e.g. China, India, Middle East countries, but evident contradictions of interest (and commercial problems over using "positive" technology sharing as an incentive).

I will not even try to offer solutions, because all I mean to do here is to open up the agenda and show why it needs further thought and work. I have just two short final remarks.

First, I feel particular attention is needed to the systemic or "governance" challenges of properly tackling these private–public sector interactions, and here the problem exists at several levels. For companies themselves it is an issue of whether and how to establish what we might call (for short) good "corporate security" and "corporate security responsibility" programmes, and how to relate these to other policies they may be developing on corporate social responsibility, the "greening" of business, or good corporate governance generally. Second, the research done by Isabel Frommelt and embodied in a very useful final section of our book shows that there is a wide range both of institutional policies and guides for business, and of networks and best practice banks set up by business itself, which are certainly not as well known as they should be and probably not enough networked and coordinated among themselves. Third is the question of how individual governments and intergovernmental institutions could consult and work better with the private sector on security topics in future, where the answer clearly should not be a kind of resumption of state control or mere dictation to business, but cannot be just a matter of going with the flow of free market forces and purely economically motivated decisions either. This challenge becomes even harder when we see it, as we must, as a global one and consider how to bring in both the public and the private sectors of the developing world.

Last but not least, I am happy to use my final words to thank the Liechtenstein Government for supporting our project and helping to publicize and distribute our book; our good partners at the Liechtenstein-Institut who hosted last year's international conference on the same subject; all the individual contributors including those who are with us today; and the HEI for kindly taking this evening's event under its wing.